aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/new_base
diff options
context:
space:
mode:
authorMichael Koziarski <michael@koziarski.com>2009-06-10 12:10:13 +1200
committerMichael Koziarski <michael@koziarski.com>2009-06-10 12:12:21 +1200
commitc014c3e5c14beb71fa7c67f15448386d0ffaba28 (patch)
tree6463fc9f189332286f0516b2b1d11d5084b61818 /actionpack/lib/action_controller/new_base
parentb6fde6b4801fae26cdd0e790f6bfd06e7afe9941 (diff)
downloadrails-c014c3e5c14beb71fa7c67f15448386d0ffaba28.tar.gz
rails-c014c3e5c14beb71fa7c67f15448386d0ffaba28.tar.bz2
rails-c014c3e5c14beb71fa7c67f15448386d0ffaba28.zip
Whitelist the methods which are called by multiparameter attribute assignment.
This prevents users from causing NoMethodErrors and the like by editing the parameter names, and closes a potential exploit of CVE-2009-1904.
Diffstat (limited to 'actionpack/lib/action_controller/new_base')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-02 23:58:32 +0000